Configuring Identity Bridging Settings


When Kerberos is configured in the backend application, to set up identity bridging in Unified Access Gateway, you upload the identity provider metadata and keytab file and configure the KCD realm settings.

When identity bridging is enabled with header-based authentication, keytab settings and KCD realm settings are not required.

Before you configure the identity bridging settings for Kerberos authentication, make sure that the following are available.

An identity provider is configured and the SAML metadata of the identity provider is saved. The SAML metadata file is uploaded to Unified Access Gateway.

For Kerberos authentication, a Kerberos-enabled server is available and the realm names for the Key Distribution Centers to use are identified.

For Kerberos authentication, upload the Kerberos keytab file to Unified Access Gateway. The keytab file includes the credentials for the Active Directory service account that is set up to get the Kerberos ticket on behalf of any user in the domain for a given back-end service.

A keytab is a file containing pairs of Kerberos principals and encrypted keys. A keytab file is created for applications that require single sign-on. Unified Access Gateway identity bridging uses a keytab file to authenticate to remote systems using Kerberos without entering a password.
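Before uploading a keytab, it is worth confirming which principal, key version and encryption types it actually contains. The following is an added example, not VMware code: a minimal reader that lists the entries without printing key material. It assumes the file is in MIT keytab format version 0x0502; the principal, realm and `sample_entry` helper are hypothetical and exist only to build constructed test data.

```python
import struct

# Enctype numbers from the IANA Kerberos registry (subset).
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
DEPRECATED = {1, 3, 23}  # single DES (RFC 6649) and RC4-HMAC (RFC 8429)

def _entry(buf):
    off = 0
    def read(n):
        nonlocal off
        off += n
        if off > len(buf):
            raise ValueError("truncated keytab entry")
        return buf[off - n:off]
    u = lambda n: int.from_bytes(read(n), "big")   # big-endian unsigned integer
    counted = lambda: read(u(2))                   # 16-bit length, then that many bytes
    ncomp, realm = u(2), counted().decode()
    name = "/".join(counted().decode() for _ in range(ncomp))
    read(8)                                        # skip name type and timestamp
    kvno, etype, key = u(1), u(2), counted()
    if len(buf) - off >= 4:                        # optional 32-bit kvno overrides the 8-bit one
        kvno = u(4) or kvno
    return {"principal": f"{name}@{realm}", "kvno": kvno, "key_bytes": len(key),
            "enctype": ENCTYPES.get(etype, f"etype-{etype}"), "deprecated": etype in DEPRECATED}

def parse_keytab(data):
    """List the entries of a version 0x0502 keytab without exposing key bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)   # signed: negative marks a deleted slot
        pos += 4
        if size > 0:
            if pos + size > len(data):
                raise ValueError("truncated keytab")
            entries.append(_entry(data[pos:pos + size]))
        pos += abs(size)
    return entries

def sample_entry(etype, key, kvno=3):   # builds constructed test data only
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", 2) + s(b"EXAMPLE.COM") + s(b"HTTP") + s(b"app.example.com")
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + s(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: a hypothetical service principal with one AES256 and one RC4 key.
SAMPLE = b"\x05\x02" + sample_entry(18, bytes(32)) + sample_entry(23, bytes(16))
```

Calling `parse_keytab` on the bytes of a real keytab returns one dictionary per key; an entry with `deprecated` set to true is a reason to regenerate the keytab with AES keys only.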